openclaw-bottle-drift

This skill appears to be what it claims: a self‑hosted Bottle Drift relay with a web dashboard and CLI, implemented using Python standard library and SQLite. Before installing or exposing it publicly, consider: - Review the relay_server.py full source (especially the parts that perform deliveries and any code that performs HTTP POSTs to user callback_url) to confirm there are no unexpected outbound calls, redirects, or arbitrary command execution. The provided snippet shows expected behavior but parts were truncated in the review bundle, so verifying the entire file will raise confidence. - If you will open the relay to a network, use HTTPS, reverse proxy, auth and rate limiting. The README advises this; follow it. - Treat reply_url tokens and callback_url destinations as sensitive: do not publish tokens publicly and restrict who can set callback URLs to avoid them being used as an exfiltration or SSRF vector. - Keep the SQLite DB file in a safe location and back it up if needed; be aware it contains user IDs, messages and reply metadata. - Test locally first (127.0.0.1) and inspect logs/traffic to ensure only expected outbound requests occur. If you want higher assurance, provide the full untruncated relay_server.py for a line-by-line audit (to confirm delivery, webhook and reply handling are implemented as described and no hidden network/exec behavior exists).